Oval Definition:oval:org.cisecurity:def:1652
Revision Date:2017-01-27Version:6
Title:.NET Information Disclosure Vulnerability - CVE-2016-7270 (MS16-155)
Description:The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):MS16-155
CVE-2016-7270
Platform(s):Microsoft Windows 10
Microsoft Windows Server 2016
Product(s):
Definition Synopsis
  • Microsoft .NET Framework 4.6.2 is installed
  • AND Affected Windows OS + file version
  • Microsoft Windows 7 (32-bit) Service Pack 1 is installed
  • OR Microsoft Windows 7 x64 Service Pack 1 is installed
  • OR Microsoft Windows 8.1 (x86) is installed
  • OR Microsoft Windows 8.1 (x64) is installed
  • OR Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed
  • OR Microsoft Windows Server 2012 is installed
  • OR Microsoft Windows Server 2012 R2 is installed
  • OR Microsoft Windows 10 (x86) is installed
  • OR Microsoft Windows 10 (x64) is installed
  • OR Microsoft Windows 10 Version 1511 (32-bit) is installed
  • OR Microsoft Windows 10 Version 1511 (64-bit) is installed
  • OR Microsoft Windows 10 Version 1607 (32-bit) is installed
  • OR Microsoft Windows 10 Version 1607 (64-bit) is installed
  • OR Microsoft Windows Server 2016 is installed
  • AND Check if the version of System.Data.dll is less than 4.6.1636.0
    • BACK